Typescript Dom Open Redirect
Description
Detects DOM-based open redirect vulnerabilities in TypeScript/JavaScript code where user-controlled input can influence navigation to arbitrary URLs. This can allow attackers to redirect users to malicious websites through manipulation of URL parameters or other user inputs.
Detection Strategy
• Identifies assignments of user-controlled data to dangerous DOM navigation properties like window.location or location.href
• Detects calls to navigation methods like window.open() or location.replace() where the URL parameter is derived from user input
• Analyzes data flow to determine if URL values come from unsafe sources like URL parameters, document.referrer, or user input
• Reports vulnerabilities when unsafe/unvalidated URL values are used in navigation operations
Vulnerable code example
// Vulnerable URL redirection example
const params = new URLSearchParams(window.location.search);
const redirectUrl = params.get("next");
window.location.href = redirectUrl; // Vulnerable: Direct use of user input for redirect without validation
Secure code example
// Secure URL redirection with allowlist and same-origin validation
const params = new URLSearchParams(window.location.search);
const redirectUrl = params.get("next");
// Define allowed paths for redirection
const allowedPaths = ["/home", "/dashboard", "/profile"];
if (redirectUrl) {
  // Resolve against the current origin: "//evil.example" or "https://evil.example" end up on another origin
  const target = new URL(redirectUrl, window.location.origin);
  if (target.origin === window.location.origin && allowedPaths.includes(target.pathname)) {
    window.location.href = target.href; // Safe: same origin and allowlisted path
  }
}
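The allowlist above accepts only a fixed set of paths. The example below is added for this page (it is not Fluid Attacks' code or the detector's logic) and generalizes the same-origin check to any path on the application's origin, exercising it against the inputs an attacker typically tries: a protocol-relative "//evil.example", the backslash variant "/\evil.example" that the WHATWG URL parser normalizes into a scheme-relative URL, a "javascript:" URL, an http downgrade of the app origin, and a look-alike host. The origin is passed in as a parameter so the function runs under Node; in a page you would pass window.location.origin. The function names and the hosts app.example and evil.example are assumptions for the example.

```typescript
// Added example: resolve a user-supplied "next" value to a URL on the
// application's own origin, or fall back to a fixed path. The origin is a
// parameter (assumption, for testability); in a page use window.location.origin.

// Parse relative to the app origin; returns null on unparseable input
// (e.g. "http://" with no host), which callers treat as unsafe.
function parseCandidate(candidate: string, appOrigin: string): URL | null {
  try {
    return new URL(candidate, appOrigin);
  } catch {
    return null;
  }
}

function resolveSafeRedirect(
  next: string | null,
  appOrigin: string,
  fallbackPath: string = "/home",
): string {
  const app = new URL(appOrigin);
  const fallback = new URL(fallbackPath, app.href).href;

  if (!next) return fallback;

  // Defense in depth: the URL parser strips tabs/newlines and leading/trailing
  // control characters, which can hide a scheme ("java\tscript:"). Reject them.
  if (/[\u0000-\u001F\u007F]/.test(next)) return fallback;

  const target = parseCandidate(next, app.origin);
  if (target === null) return fallback;

  // Only http(s) is acceptable: this rejects "javascript:", "data:", "vbscript:".
  if (target.protocol !== "http:" && target.protocol !== "https:") return fallback;

  // Origin comparison covers scheme, host and port, so "//evil.example",
  // "https://evil.example", "http://app.example" (downgrade) and
  // "https://app.example.evil.example" all fail here. "/\evil.example" fails
  // too: for http(s) the parser treats "\" as "/", giving a scheme-relative URL.
  if (target.origin !== app.origin) return fallback;

  // Return the normalized absolute URL rather than target.pathname: a pathname
  // can begin with "//" (e.g. "https://app.example//evil.example"), and
  // assigning that bare string to location.href would be read as scheme-relative.
  return target.href;
}

// Sink wrapper: parse the query string, then navigate only to the vetted URL.
// Returns the URL so it can be checked; in a browser call location.assign(result).
function redirectToNext(appOrigin: string, search: string): string {
  const params = new URLSearchParams(search);
  return resolveSafeRedirect(params.get("next"), appOrigin);
}
```

Returning target.href instead of a path also means a caller cannot accidentally reintroduce the bug by concatenating the result into another string: the value is already an absolute URL on the verified origin.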